MicroMacro home
https://www.solarstrike.net/phpBB3/
Unless you installed a 64-bit compiler and have specifically set up your project to compile as 64-bit, it is 32-bit. I assume you just got the Code::Blocks and MinGW package, so it will be 32-bit.Exempt wrote:How can I be sure the code is compiling as a 32bit code? I've read that it may only work on 32bit source and apps.
Edit: Sorry i though i hit edit.
Code: Select all
extern "C" BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)Code: Select all
CPU Disasm
Address Hex dump Command Comments
0041C230 /$ 56 PUSH ESI ; Xenimus.0041C230(guessed Arg1,Arg2)
0041C231 |. 8B7424 08 MOV ESI,DWORD PTR SS:[ARG.1]
0041C235 |. 8971 10 MOV DWORD PTR DS:[ECX+10],ESI
0041C238 |. 0FB616 MOVZX EDX,BYTE PTR DS:[ESI]
0041C23B |. 0FB646 01 MOVZX EAX,BYTE PTR DS:[ESI+1]
0041C23F |. 03C2 ADD EAX,EDX
0041C241 |. 8B51 28 MOV EDX,DWORD PTR DS:[ECX+28]
0041C244 |. 25 FF000000 AND EAX,000000FF
0041C249 |. 8941 04 MOV DWORD PTR DS:[ECX+4],EAX
0041C24C |. 0FB60410 MOVZX EAX,BYTE PTR DS:[EDX+EAX]
0041C250 |. 83E0 24 AND EAX,00000024
0041C253 |. 83C8 01 OR EAX,00000001
0041C256 |. 8901 MOV DWORD PTR DS:[ECX],EAX
0041C258 |. 8036 AA XOR BYTE PTR DS:[ESI],AA
0041C25B |. 8B51 10 MOV EDX,DWORD PTR DS:[ECX+10]
0041C25E |. 803A 00 CMP BYTE PTR DS:[EDX],0
0041C261 |. 74 6B JE SHORT 0041C2CE
0041C263 |. 57 PUSH EDI
0041C264 |. 8B7C24 10 MOV EDI,DWORD PTR SS:[ARG.2]
0041C268 |. 83FF 02 CMP EDI,2
0041C26B |. C741 08 02000 MOV DWORD PTR DS:[ECX+8],2
0041C272 |. 7E 59 JLE SHORT 0041C2CD
0041C274 |. 53 PUSH EBX
0041C275 |> 8B59 04 /MOV EBX,DWORD PTR DS:[ECX+4] //This is where the loop starts here
0041C278 |. 8B51 28 |MOV EDX,DWORD PTR DS:[ECX+28]
0041C27B |. 8B41 08 |MOV EAX,DWORD PTR DS:[ECX+8]
0041C27E |. 8B31 |MOV ESI,DWORD PTR DS:[ECX]
0041C280 |. 85F0 |TEST EAX,ESI
0041C282 |. 8A141A |MOV DL,BYTE PTR DS:[EBX+EDX]
0041C285 |. 0FBEDA |MOVSX EBX,DL
0041C288 |. 74 13 |JE SHORT 0041C29D
0041C28A |. 85DE |TEST ESI,EBX
0041C28C |. 8B71 10 |MOV ESI,DWORD PTR DS:[ECX+10]
0041C28F |. 74 06 |JE SHORT 0041C297
0041C291 |. 03C6 |ADD EAX,ESI
0041C293 |. 3010 |XOR BYTE PTR DS:[EAX],DL
0041C295 |. EB 1E |JMP SHORT 0041C2B5
0041C297 |> 03C6 |ADD EAX,ESI
0041C299 |. 2810 |SUB BYTE PTR DS:[EAX],DL
0041C29B |. EB 18 |JMP SHORT 0041C2B5
0041C29D |> 85DE |TEST ESI,EBX
0041C29F |. 74 0D |JE SHORT 0041C2AE
0041C2A1 |. 8B51 10 |MOV EDX,DWORD PTR DS:[ECX+10]
0041C2A4 |. 03C2 |ADD EAX,EDX
0041C2A6 |. 8A10 |MOV DL,BYTE PTR DS:[EAX]
0041C2A8 |. F6D2 |NOT DL
0041C2AA |. 8810 |MOV BYTE PTR DS:[EAX],DL
0041C2AC |. EB 07 |JMP SHORT 0041C2B5
0041C2AE |> 8B71 10 |MOV ESI,DWORD PTR DS:[ECX+10]
0041C2B1 |. 03C6 |ADD EAX,ESI
0041C2B3 |. 0010 |ADD BYTE PTR DS:[EAX],DL
0041C2B5 |> 8B41 04 |MOV EAX,DWORD PTR DS:[ECX+4]
0041C2B8 |. 8341 08 01 |ADD DWORD PTR DS:[ECX+8],1
0041C2BC |. 83C0 01 |ADD EAX,1
0041C2BF |. 25 FF000000 |AND EAX,000000FF
0041C2C4 |. 8941 04 |MOV DWORD PTR DS:[ECX+4],EAX
0041C2C7 |. 3979 08 |CMP DWORD PTR DS:[ECX+8],EDI
0041C2CA |.^ 7C A9 \JL SHORT 0041C275 //It ends here...
0041C2CC |. 5B POP EBX
0041C2CD |> 5F POP EDI
0041C2CE |> 5E POP ESI
0041C2CF \. C2 0800 RETN 8
Code: Select all
0041C230 /$ 56 PUSH ESI ; Xenimus.0041C230(guessed Arg1,Arg2)
0041C231 |. 8B7424 08 MOV ESI,DWORD PTR SS:[ARG.1]
0041C235 |. 8971 10 MOV DWORD PTR DS:[ECX+10],ESI
0041C238 |. 0FB616 MOVZX EDX,BYTE PTR DS:[ESI]
0041C23B |. 0FB646 01 MOVZX EAX,BYTE PTR DS:[ESI+1]Code: Select all
typedef int (__thiscall* DecryptCall)(void* pthis, unsigned char* buffer, int length);